Ch9 Access Control Lists - Practical Flashcards

1
Q

Standard ACL Number Ranges

A

1 to 99, 1300, and 1999

2
Q

Extended ACL Number Ranges

A

100 to 199 and 2000 to 2699

3
Q

Calculating Wildcard Mask

A

Subtract the specific network’s subnet mask from 255.255.255.255.

4
Q

Command to Configure IPv4 Standard ACL

A

access-list access_list_number { deny | permit | remark } source_ip [source_wildcard] [log]

5
Q

Command that displays lists/contents of access lists.

A

show access-list

6
Q

Command to Attach ACL to an Interface

A

ip access-group {acl_number | acl_name} {in | out}

7
Q

Configuring Numbered Standard IPv4 ACL (3)

A
  1. access-list acl_number {deny | permit | remark } source source_ip [source_wildcard] [log] // repeat to create multiple entries which are numbered automatically.
  2. interface interface_id
  3. ip access-group acl_number { in | out } // applies ACL to interface
8
Q

Configuring Named Standard IPv4 ACL (5)

A
  1. ip access-list standard acl_name
  2. {deny | permit | remark } source_ip [source_wildcard] [log] to create entries.
  3. Exit ACL Config Mode
  4. interface interface_id
  5. ip access-group acl_name {in | out } // applies ACL to interface.
9
Q

Editing ACLs with Text Editor (3)

A
  1. Use show running-config | include access-list acl_number | acl_name to display lists.
  2. Copy acl section into text editor.
  3. Make changes to ACL and then paste back into router terminal.
10
Q

Editing ACLs with Sequence Number (4)

A
  1. Use show access-lists { acl_number | acl_name } to display the current ACEs within the designated ACL.
  2. Use ip access-list {standard | extended } {acl_number | acl_name } to enter ACL config mode.
  3. Delete old ACE by using no acl_number
  4. Edit by using : acl_sequence_number modified_ACE
    ex: 10 deny host 192.168.10.10
11
Q

3 Methods to Verify ACLs

A
  1. show access-lists [acl_name | acl_number]
  2. show ip interface interface_id
  3. show running-config | include access-list [acl_name | acl_number]
12
Q

How to Determine if an ACL is Working Properly.

A

show access-lists: displays matches to permit or deny entries as the ACL is used.

13
Q

Command used to clear the match counters in an access list.

A

clear access-list counters [acl_number | acl_name]

14
Q

Using ACL to Control VTY Access

A
  1. line vty vty_range
  2. ip access-class acl_number {in [vrf-also] | out}
  3. exit
  4. access-list acl_number {permit | deny | remark } source_ip [source_wildcard] [log]
  5. access-list acl_number deny any
15
Q

Logical Operators That Can Be Used in Extended ACLs (4)

A
  1. eq (equal)
  2. neq (not equal)
  3. gt (greater than)
  4. lt (less than)
16
Q

Command used to display list of port numbers and keywords that can be used to build an ACL

A

access-list 101 permit tcp any any eq ?

17
Q

Command Used to Configure Extended ACL

A

access-list [extended] acl_number { deny | permit | remark } {protocol_number | protocol_name} source_ip [source_wildcard] [operator operand] [port port_number_or_name] destination [destination_wildcard] [operator operand] [port port_number_or_name] [established]

18
Q

2 Methods to Verify Extended ACLs

A
  1. show access-lists
  2. show ip interface interface_id
19
Q

IPv6 Version of the access-group Command.

A

ipv6 traffic-filter acl_name {in | out}

20
Q

Command Used to Create IPv6 Access List

A

ipv6 access-list access_list_name

21
Q

IPv6 ACE

A

{deny | permit | remark } ipv6 | ipv4 {source_ipv6_prefix/prefix_length | any | host source_ipv6_address} [operator [port_number]] {destination_ipv6_prefix/prefix_length | any | host destination_ipv6_address} [operator [port_number]]

22
Q

Procedure to Apply IPv6 ACL to Interface

A
  1. interface interface_id
  2. ipv6 traffic-filter acl_name {in | out}
23
Q

How Do You Apply ACLs to VTYs in IPv6?

A

access-class acl_name {in [vrf-also] | out}

24
Q

3 Methods to Verify IPv6 ACLs

A
  1. show ipv6 interface interface_id
  2. show access-lists
  3. show running-config
25
Q

FTP Port

A

21 TCP

26
Q

SSH Port

A

22 TCP

27
Q

Telnet Port

A

23 TCP

28
Q

SMTP Port

A

25 TCP

Outgoing Mail

29
Q

POP Port

A

110

Incoming Mail

30
Q

HTTP Port

A

80 TCP

31
Q

IMAP Port

A

143 TCP

32
Q

IRC Port

A

194 TCP

33
Q

HTTPS Port

A

443 TCP

34
Q

TFTP Port

A

69 UDP

35
Q

RIP Port

A

520 UDP

36
Q
A
37
Q

When is it best to use an Inbound ACL?

A

When the attached network is the only source of packets needing to be examined.

38
Q

When is it best to use an Outbound ACL?

A

When the ACL will be applied to packets arriving on multiple inbound interfaces but exiting the same outbound interface.

39
Q
A